It always sends me to sleep when IP enthusiasts lament the lack of adoption for IPv6.
It's obvious to anyone that looks at the two formats that any kind of hacky workaround like NAT gateways will be preferable indefinitely to actually adopting the monstrosity that is IPv6.
- Did you disable UPnP on your router? If not, any device behind the router can simply ask the router to open a port, typically without authentication, bypassing this "firewall" completely.
- TURN and STUN trivially bypass this side-effect, and a side effect of that is a third party has to often be involved, which can be collecting data later leaked or used against you.
- The monstrosity of NAT is that it's the core thing that drives centralization - because of NAT any two Internet hosts generally have to involve a third party to communicate, a third party which again, can be collecting data later leaked or used against you.
If you don't care about the security implications of the above, then you don't really care about the "firewall" either.
> That third party involved is my ISP which will see the packets anyway, even if NAT is not used.
The ISP doesn't meaningfully see packets as long as encryption is used. It sees stuff that if analyzes can be used to make guesses, but that's about it. I probably should have used a better term than "third party" but I was meaning services that collect data on everyone like Facebook, Twitter, etc. These services actually receive meaningful, trackable, surveillable data about you and they would not have to receive as much if NAT wasn't a thing.
Inside attacks are important. If you don't care about those, saying you like NAT because of any security benefit doesn't make sense.
I was surprised as well as it's something I turn off on devices I control and I haven't really assumed it was a thing. But recently at a friends house I decided to install upnpc on my Linux laptop and give this a try:
| upnpc -a 192.x.x.x 8080 80 tcp
And to my surprise it just worked. This friend just upgraded to fiber and had just received a new router.
I doubt that most consumer routers expose this functionality. IPv6 NAT is rarely needed and should be avoided. Interestingly enough I stumbled upon a use case today. No IPv6 connectivity at my office but at my dad's house. Since a WireGuard tunnel is layer 3 I can't use router advertisements and the prefix is dynamic, so private IPv6 addresses and NAT66 it is. It was an exercise out of curiosity though, route64.org works much better for IPv6 connectivity.
You just have outbound NAT enabled, so that your internal nodes can access the internet, no mapping to any internal nodes is set from the outside and no firewall. (just NAT alone) So all packets to your router's address will terminate at the router. Right?
OK, let's say I send a packet to your router's external interface with destination IP set to internal address of one of nodes in your network.
Will it reach your internal host? Will I get a response? ;-) I hope you now appreciate how NAT is not a firewall at all.
The real hacky workaround that we have adopted is just centralizing the whole internet in like 5 giant companies and making everyone else into passive consumers who can't even make a voice call to each other without giving some form of payment to a cloud giant.
There's always rough edges, but I would say that shared core platform code can usually work pretty well and save time once you got through the overhead of setup.
Thanks. Was scratching my own itch. Got frustrated with startup times for reasonably simple scripts in ruby and applescript. Rewrote some things in swift, but then got annoyed by the startup times of interpreted swift. I'm dogfooding my own tools, so I want both development and usage to be quick.
If you look at a character system like Pokemon, Magic, Neptunia, Fate/Grand Order or Azur Lane there is a lot of consistency. Sometimes one person does all the work (Tsunako!) but other times they bring in different artists but give them enough direction that it hangs together. That's what I'm looking for in trading cards.
Second the typography could be better. Some of it the font choice (a harder problem than I wish it was) and some is with the spacing of things.
> Turns out there is an answer: the garter snakes sequester the tetrodotoxin, storing it in their livers. This makes them toxic to their own predators.
It's obvious to anyone that looks at the two formats that any kind of hacky workaround like NAT gateways will be preferable indefinitely to actually adopting the monstrosity that is IPv6.